Analysis
max time kernel: 33s
max time network: 29s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/07/2023, 13:29 UTC
Static task: static1
Behavioral task: behavioral1
  Sample: remittance payment.html
  Resource: win7-20230703-en
Behavioral task: behavioral2
  Sample: remittance payment.html
  Resource: win10v2004-20230703-en
General
Target: remittance payment.html
Size: 124KB
MD5: 81afb5a1c9412a844acc331abe2db2da
SHA1: fdcd44789f907e3c38b4b6ead135dde759398df4
SHA256: 1496f4195a630217125bcfe61603d5c32d3aa11cf55678e4df551452cbdc5353
SHA512: 7b00786755f58bf8a86fcd9def3723858ad299944d6f8a6267063e46e46ba0b95b2683e3d66128ab701afe42dd0588ab0dea7a95b4a952e19028f9f6c523eea0
SSDEEP: 3072:mk3r7+NRGyE9Je3xIVbLBiE586hcUnR3qTF8bNNG5v+2:z7+zGycCxIVbLBliMR3qA3kv+2
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
-
Modifies data under HKEY_USERS (1 IoC)
  description         ioc                                                                    Process
  Key created         \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry  chrome.exe
-
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 4876  chrome.exe  (2 entries)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid 4876  chrome.exe  (2 entries)
-
Suspicious use of AdjustPrivilegeToken (62 IoCs)
  pid 4876  chrome.exe  (62 entries, alternating Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege)
-
Suspicious use of FindShellTrayWindow (26 IoCs)
  pid 4876  chrome.exe  (26 entries)
-
Suspicious use of SendNotifyMessage (24 IoCs)
  pid 4876  chrome.exe  (24 entries)
-
Suspicious use of WriteProcessMemory (64 IoCs)
  PID 4876 (chrome.exe) wrote to memory of: 1512 (procid_target 79), 2696 (procid_target 81), 1260 (procid_target 82), 1224 (procid_target 83); 64 entries in total
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4876)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "C:\Users\Admin\AppData\Local\Temp\remittance payment.html"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1512)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9fcb9758,0x7ffd9fcb9768,0x7ffd9fcb9778
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2696)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:2
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1260)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:8
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1224)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:8
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2916)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:1
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3024)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:1
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3528)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:8
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1348)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:8
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4152)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:8
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 644)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:8
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3392)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:8
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2272)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1908,i,4004869274206286441,10089725024929958936,131072 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 3836)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
-
Remote address: 8.8.8.8:53
  Request:  stackpath.bootstrapcdn.com IN A
  Response: stackpath.bootstrapcdn.com IN A 104.18.10.207
            stackpath.bootstrapcdn.com IN A 104.18.11.207
-
Remote address: 8.8.8.8:53
  Request:  cdnjs.cloudflare.com IN A
  Response: cdnjs.cloudflare.com IN A 104.17.25.14
            cdnjs.cloudflare.com IN A 104.17.24.14
-
Remote address: 8.8.8.8:53
  Request:  ajax.googleapis.com IN A
  Response: ajax.googleapis.com IN A 142.251.36.42
-
Remote address: 104.17.25.14:443
Request: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/2.0
host: cdnjs.cloudflare.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3091296
expires: Mon, 24 Jun 2024 13:29:58 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQm3osT5J8olqNJWHo%2Fk6ODb51H8WiApfjr5bZP1TNNCCxyO09m0%2BRzBoBsqUuc8Ed3S6SzJ2PrBZtm5KpzhXFptXiDynZHe%2BOdiKxcIOAy4HV5vDXCLJ5fDWJR%2F%2BA7%2BpBlV0Gmq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7e1ff5bb7fefb968-AMS
alt-svc: h3=":443"; ma=86400
-
Remote address: 104.18.10.207:443
Request: GET /bootstrap/4.3.1/css/bootstrap.min.css HTTP/2.0
host: stackpath.bootstrapcdn.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: NL
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:08 GMT
access-control-allow-origin: *
cdn-cachedat: 07/27/2021 10:45:59
cdn-edgestorageid: 766
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-proxyver: 1.0
cdn-status: 200
cdn-requestid: d340f8654a4f39d0647fd3c821d8fb7a
cdn-cache: HIT
cf-cache-status: HIT
age: 21801593
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7e1ff5bb7cf70a75-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
Remote address: 142.251.36.42:443
Request: GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address: 8.8.8.8:53
  Request:  maxcdn.bootstrapcdn.com IN A
  Response: maxcdn.bootstrapcdn.com IN A 104.18.11.207
            maxcdn.bootstrapcdn.com IN A 104.18.10.207
-
Remote address: 104.18.11.207:443
Request: GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/2.0
host: maxcdn.bootstrapcdn.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: null
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
cdn-edgestorageid: 617
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 2021-06-08 14:35:59
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: eefa06f81ccaf21fa5451ec613a67069
cdn-cache: HIT
cf-cache-status: HIT
age: 2354215
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7e1ff5bc6f19b788-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
Remote address: 8.8.8.8:53
  Request:  1000logos.net IN A
  Response: 1000logos.net IN A 172.67.71.45
            1000logos.net IN A 104.26.8.175
            1000logos.net IN A 104.26.9.175
-
Remote address: 172.67.71.45:443
Request: GET /wp-content/uploads/2020/08/Microsoft-Excel-Logo-500x313.png HTTP/2.0
host: 1000logos.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
content-type: image/png
content-length: 25979
last-modified: Sat, 12 Feb 2022 06:15:35 GMT
etag: "62075087-657b"
cf-cache-status: HIT
age: 1840
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zjBaD%2BBypUaqgWJDmx1z22Ry6D1VxXWfnfoWaF8uv6%2FgqfKGTxdnLHOkKs%2BXpfd6%2BWCQQvTtGLIX7yOyMILGvqon7cfHfwJed33S5fCmVC5C9h7pDD1oXIoHQrpCuAU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7e1ff5bc9a0e0a64-AMS
-
Remote address: 8.8.8.8:53
  Request:  195.179.250.142.in-addr.arpa IN PTR
  Response: 195.179.250.142.in-addr.arpa IN PTR ams15s42-in-f3.1e100.net
-
Remote address: 8.8.8.8:53
  Request:  202.179.250.142.in-addr.arpa IN PTR
  Response: 202.179.250.142.in-addr.arpa IN PTR ams15s42-in-f10.1e100.net
-
Remote address: 8.8.8.8:53
  Request:  14.25.17.104.in-addr.arpa IN PTR
  Response:
-
Remote address: 8.8.8.8:53
  Request:  207.10.18.104.in-addr.arpa IN PTR
  Response:
-
Remote address: 8.8.8.8:53
  Request:  42.36.251.142.in-addr.arpa IN PTR
  Response: 42.36.251.142.in-addr.arpa IN PTR ams17s12-in-f10.1e100.net
-
Remote address: 8.8.8.8:53
  Request:  207.11.18.104.in-addr.arpa IN PTR
  Response:
-
Remote address: 8.8.8.8:53
  Request:  45.71.67.172.in-addr.arpa IN PTR
  Response:
-
Remote address: 8.8.8.8:53
  Request:  assets.msn.com IN A
  Response: assets.msn.com IN CNAME assets.msn.com.edgekey.net
            assets.msn.com.edgekey.net IN CNAME e28578.d.akamaiedge.net
            e28578.d.akamaiedge.net IN A 2.16.241.97
            e28578.d.akamaiedge.net IN A 2.16.241.76
-
Remote address: 2.16.241.97:443
Request: GET /serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=b45f6007-71df-44b4-8668-ff503aa8bc54&ocid=windows-windowsShell-feeds&user=m-f6100d52207b421d8a275b2b199b44dd&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask HTTP/2.0
host: assets.msn.com
x-search-account: None
accept-encoding: gzip, deflate
x-device-machineid: {9A0AA320-02A9-4895-93BF-E83F6D53852E}
x-userageclass: Unknown
x-bm-market: US
x-bm-dateformat: M/d/yyyy
x-device-ossku: 48
x-bm-dtz: 0
x-deviceid: 0100B2E609000CC3
x-bm-windowsflights: FX:119E26AD,FX:11D898D7,FX:11DB147C,FX:11DE505A,FX:11E11E97,FX:11E3E2BA,FX:11E50151,FX:11E9EE98,FX:11F1992A,FX:11F4161E,FX:11F41B68,FX:11FB0F2F,FX:1201B330,FX:1202B7FC,FX:120BB68E,FX:121A20E1,FX:121BF15F,FX:121E5EC8,FX:122D8E86,FX:123031A3,FX:1231B88B,FX:123371B1,FX:1233C945,FX:123D7C31,FX:1240013C,FX:1246E4A3,FX:1248306D,FX:124B38D0,FX:1250080B,FX:125A7FDA,FX:1264FA75,FX:126DBC22,FX:127159BE,FX:12769734,FX:127C935B,FX:127DC03A,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5
sitename: www.msn.com
x-bm-theme: 000000;0078d7
muid: F6100D52207B421D8A275B2B199B44DD
x-agent-deviceid: 0100B2E609000CC3
x-bm-onlinesearchdisabled: true
x-bm-cbt: 1688563799
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
x-device-isoptin: false
accept-language: en-US, en
x-device-touch: false
x-device-clientsession: FA61E94E177247B7842B9167E3BFA68A
cookie: MUID=F6100D52207B421D8A275B2B199B44DD
Response: HTTP/2.0 200
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-origin: *.msn.com
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
content-encoding: gzip
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-tmpl: lowT:0;IsRecoNewUser:1;coldStart:1;coldStartUpsell:1;lowC:0;BingRecoCode:Success;SageUser:0;winbadge:1;partialResponse:1;tbn:0
x-wpo-activityid: 5B31D1E8-711B-489E-B986-6B665F863213|2023-07-05T13:30:01.7212928Z|fabric:/wpo|FRC|WPO_33
ddd-feednewsitemcount: 1
ddd-activityid: 5b31d1e8-711b-489e-b986-6b665f863213
ddd-strategyexecutionlatency: 00:00:00.6204282
ddd-debugid: 5b31d1e8-711b-489e-b986-6b665f863213|2023-07-05T13:30:01.7264825Z|fabric:/winfeed|FRC|WinFeed_2
onewebservicelatency: 622
x-msedge-responseinfo: 622
x-ceto-ref: 64a57059846447488a90cf80c132e052|2023-07-05T13:30:01.101Z
expires: Wed, 05 Jul 2023 13:30:01 GMT
date: Wed, 05 Jul 2023 13:30:01 GMT
content-length: 1528
akamai-request-bc: [a=2.16.240.33,b=27741844,c=g,n=DE_HE_FRANKFURT,o=20940],[a=20.74.25.147,c=o]
server-timing: clientrtt; dur=24, clienttt; dur=634, origin; dur=633 , cdntime; dur=1
akamai-cache-status: Miss from child
akamai-server-ip: 2.16.240.33
akamai-request-id: 1a74e94
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
vary: Origin
-
Remote address: 8.8.8.8:53
  Request:  clients2.google.com IN A
  Response: clients2.google.com IN CNAME clients.l.google.com
            clients.l.google.com IN A 142.251.36.46
-
Remote address: 8.8.8.8:53
  Request:  97.241.16.2.in-addr.arpa IN PTR
  Response: 97.241.16.2.in-addr.arpa IN PTR a2-16-241-97.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
  Request:  46.36.251.142.in-addr.arpa IN PTR
  Response: 46.36.251.142.in-addr.arpa IN PTR ams17s12-in-f14.1e100.net
-
Remote address: 8.8.8.8:53
  Request:  fronterz.com IN A
  Response: fronterz.com IN A 178.208.94.221
-
Remote address: 178.208.94.221:443
Request: POST /hunter/hunt/baby6.php HTTP/2.0
host: fronterz.com
content-length: 64
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
accept: application/json, text/javascript, */*; q=0.01
content-type: application/x-www-form-urlencoded; charset=UTF-8
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
date: Wed, 05 Jul 2023 13:30:20 GMT
content-type: application/json
x-powered-by: PHP/8.0.29
access-control-allow-origin: *
x-powered-by: PleskLin
content-encoding: br
-
Remote address: 8.8.8.8:53
  Request:  apps.identrust.com IN A
  Response: apps.identrust.com IN CNAME identrust.edgesuite.net
            identrust.edgesuite.net IN CNAME a1952.dscq.akamai.net
            a1952.dscq.akamai.net IN A 92.122.101.18
            a1952.dscq.akamai.net IN A 92.122.101.41
-
Remote address: 92.122.101.18:80
Request: GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com
Response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Wed, 08 Feb 2023 16:52:56 GMT
ETag: "37d-5f433188daa00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 05 Jul 2023 14:30:20 GMT
Date: Wed, 05 Jul 2023 13:30:20 GMT
Connection: keep-alive
-
Remote address: 8.8.8.8:53
  Request:  221.94.208.178.in-addr.arpa IN PTR
  Response: 221.94.208.178.in-addr.arpa IN PTR hosted-by.mchost.ru
-
Remote address: 8.8.8.8:53
  Request:  18.101.122.92.in-addr.arpa IN PTR
  Response: 18.101.122.92.in-addr.arpa IN PTR a92-122-101-18.deploy.static.akamaitechnologies.com
-
104.17.25.14:443  https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css  tls, http2  chrome.exe  1.8kB 9.7kB 15 16
  HTTP Request:  GET https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
  HTTP Response: 200
-
104.18.10.207:443  https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css  tls, http2  chrome.exe  2.1kB 29.4kB 23 32
  HTTP Request:  GET https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
  HTTP Response: 200
-
142.251.36.42:443  https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js  tls, http2  chrome.exe  2.2kB 39.5kB 23 35
  HTTP Request:  GET https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
-
104.18.11.207:443  https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js  tls, http2  chrome.exe  1.8kB 14.4kB 15 19
  HTTP Request:  GET https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
  HTTP Response: 200
-
172.67.71.45:443  https://1000logos.net/wp-content/uploads/2020/08/Microsoft-Excel-Logo-500x313.png  tls, http2  chrome.exe  2.1kB 30.8kB 21 31
  HTTP Request:  GET https://1000logos.net/wp-content/uploads/2020/08/Microsoft-Excel-Logo-500x313.png
  HTTP Response: 200
-
2.16.241.97:443  https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=b45f6007-71df-44b4-8668-ff503aa8bc54&ocid=windows-windowsShell-feeds&user=m-f6100d52207b421d8a275b2b199b44dd&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask  tls, http2  2.6kB 10.6kB 20 19
  HTTP Request:  GET https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=b45f6007-71df-44b4-8668-ff503aa8bc54&ocid=windows-windowsShell-feeds&user=m-f6100d52207b421d8a275b2b199b44dd&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask
  HTTP Response: 200
-
953 B 8.3kB 8 9
-
1.9kB 6.0kB 14 13
  HTTP Request:  POST https://fronterz.com/hunter/hunt/baby6.php
  HTTP Response: 200
-
324 B 1.6kB 4 4
  HTTP Request:  GET http://apps.identrust.com/roots/dstrootcax3.p7c
  HTTP Response: 200
-
72 B 104 B 1 1
DNS Request
stackpath.bootstrapcdn.com
DNS Response
104.18.10.207, 104.18.11.207
-
66 B 98 B 1 1
DNS Request
cdnjs.cloudflare.com
DNS Response
104.17.25.14, 104.17.24.14
-
65 B 81 B 1 1
DNS Request
ajax.googleapis.com
DNS Response
142.251.36.42
-
6.6kB 93.0kB 46 85
-
69 B 101 B 1 1
DNS Request
maxcdn.bootstrapcdn.com
DNS Response
104.18.11.207, 104.18.10.207
-
59 B 107 B 1 1
DNS Request
1000logos.net
DNS Response
172.67.71.45, 104.26.8.175, 104.26.9.175
-
74 B 112 B 1 1
DNS Request
195.179.250.142.in-addr.arpa
-
74 B 113 B 1 1
DNS Request
202.179.250.142.in-addr.arpa
-
71 B 133 B 1 1
DNS Request
14.25.17.104.in-addr.arpa
-
72 B 134 B 1 1
DNS Request
207.10.18.104.in-addr.arpa
-
72 B 111 B 1 1
DNS Request
42.36.251.142.in-addr.arpa
-
72 B 134 B 1 1
DNS Request
207.11.18.104.in-addr.arpa
-
71 B 133 B 1 1
DNS Request
45.71.67.172.in-addr.arpa
-
60 B 166 B 1 1
DNS Request
assets.msn.com
DNS Response
2.16.241.97, 2.16.241.76
-
65 B 105 B 1 1
DNS Request
clients2.google.com
DNS Response
142.251.36.46
-
3.9kB 9.4kB 15 14
-
204 B 3
-
70 B 133 B 1 1
DNS Request
97.241.16.2.in-addr.arpa
-
72 B 111 B 1 1
DNS Request
46.36.251.142.in-addr.arpa
-
58 B 74 B 1 1
DNS Request
fronterz.com
DNS Response
178.208.94.221
-
64 B 165 B 1 1
DNS Request
apps.identrust.com
DNS Response
92.122.101.18, 92.122.101.41
-
73 B 106 B 1 1
DNS Request
221.94.208.178.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
18.101.122.92.in-addr.arpa
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize: 873B
MD5: cb811f8c0c3416b884c92c10f7191fac
SHA1: 5e5115d36a79c6cb18217a919d7fd0ebb61cfa46
SHA256: b2c30c41911a71b2c87de59527a95969ca6d9ae880e4754b5257d3f34274b154
SHA512: df61eb4f38e2ec93c03daebd653db5c27f9ef16290c1a914fe005afe395d5cb2693661ed1388cabf0afa1349d8fcf701de9f27bafb8d6c67ce9830b6a5e8ad99
-
Filesize: 6KB
MD5: f0360bcc89678cb07ed638fac64ec607
SHA1: 5e47037a9e180e06bda995ccd44b85e3b59346b9
SHA256: b43f180df54c0dfa0b9f5dfcfe20cc1ab893a6c2b4b3fe8815e604a77715469e
SHA512: d405c2278e654d4edb3d4f3e2d042899c7fb0e155fceb96541d68d054a92ea07a475abc20b234b7f33431687f561c5d55d22302d083393d71b504790d2624aa0
-
Filesize: 173KB
MD5: ec75af70766fe09708d83cedd715e6da
SHA1: 55c87b9e05a544ab3a256e30d457c2a3d6775903
SHA256: b5720cbd4daed9edd4b8556e22406403cd9cddc423f659d971e3e93fd31a4e52
SHA512: f64522a194f9910c0a67c19e05149d84e35e537c27c2d12c97961cca5ccb69425ab21f0c43f4260736550139f9be05e9775e658de756b03f5d1c6f9f28190ad0
-
Filesize: 89KB
MD5: 716e8dba4338b8b1a4bf045858b46044
SHA1: 4b1573f099ecb9f652b211f576c48fe3aa5aaafa
SHA256: 2f22024c8a76a8338e0a600aa35b29414894ab0fbe427982cd4b75643ec55f34
SHA512: 684149b3fc9e53247cf65b7526c82e6873ba000b17c156be9d665a441950522824cdde70f836a632274326b4cdffa653701dd4f9455b29e84f3c29a13e6138f6
-
Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize: 2B
MD5: f3b25701fe362ec84616a93a45ce9998
SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84